A previously undiscovered buy in Microsoft Word is being used by hackers to install malware on the computers of unsuspecting victims.
The exploit occurs when the victim is tricked into opening a Word document that includes malicious HTML app, which has been disguised to look like a Rich Text Document.
Once opened, the malicious app then runs a script that can be used to install malware on a computer without the user’s knowledge.
Researchers from McAfee were first to discover the bug with, security firm FireEye also reporting on the issue.
McAfee said “the attacker gains full code execution on the victim’s machine”.
McAfee says the exploit, which affects all versions of Office is yet to be patched, although Microsoft is reportedly working on a fix.
Of course hackers using Microsoft Word to spread malware and other nasty stuff is nothing
However, this latest attack is particularly dangerous as unlike typical attacks that occur using Word, this one does not ask the the user to enable Macros – which Microsoft normally warns users about.
McAfee warns Microsoft Office users against opening any files obtained from untrusted sources and to ensure that Office Protected View is enabled.